Guards are not Air Gaps

9 Dec

“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.”  (Wikipedia)

Note the emphasis on the word physically.

A number of forums, and a number of articles on Cyber Matters, have discussed whether data diodes are equivalent to air gaps in one direction. In reality, you can argue it both ways.

One thing is absolutely certain, however. A data guard, which allows a two-way data flow, is absolutely not an air gap and is not equivalent to an air gap. A data guard enables communication between two networks under strictly controlled conditions: it does not physically separate the networks, but can provide separation at the network layer. Air gaps provide physical separation, in order to manage different threats.

To someone concerned with network security, this should matter. It is important to address the business requirement using the appropriate technology. That is why Nexor have a portfolio of flow control products, and on Cyber Matters we try to explain concepts that even some experts get confused about. What you will not find us doing at Nexor or on Cyber Matters is trying to market a Guard as an Air Gap; they are different things which solve different problems.

Please join the discussion, we welcome your views...
